Re: Incorrect protocol implementation by OpenSSH?

From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
Date: Thu, 27 Sep 2007 22:04:07 GMT

"H.K. Kingston-Smith" <HKK-S@xxxxxxxxx> writes:

I am testing against an embedded SSH server that does not allow
clients to execute commands other than through an interactive shell. That
is, when the server receives an SSH_MSG_CHANNEL_REQUEST message to
execute commands, the server replies with SSH_MSG_CHANNEL_FAILURE. The
issue that I am encountering is that OpenSSH (at least version 4.1 does)
sends an SSH_MSG_UNIMPLEMENTED message in reply.

Why? I can't believe that OpenSSH does not implement
SSH_MSG_CHANNEL_FAILURE message processing - this message is most
certainly contemplated in the standard. It is true that the
SSH_MSG_CHANNEL_REQUEST message sent by the OpenSSH client contains a 0
byte in the want-reply field. However, my interpretation of the relevant
portion of the standard (RFC 4254, section 5.4) is that the server should
send an SSH_MSG_CHANNEL_FAILURE message in this case regardless of the
contents of the want-reply field.

Well, I think "not implimented " and "failure" are different concept. The
second says "Yes, what you tried to send me is fine, but somewhere I
screwed up and the command failed" The first says" You are not supposed to
be trying what you just tried." Your situation seems closer to this than to
the "I screwed up" situation.

Is this not the correct interpretation? The PuTTY client (at
least version 0.60) does seem to agree, for it just terminates the
connection at that point without sending any SSH_MSG_UNIMPLEMENTED
messages.

?? I do not understand. Putty is the client. It is the one requesting the
service, not delivering it.

.

Follow-Ups:
- Re: Incorrect protocol implementation by OpenSSH?
  - From: H.K. Kingston-Smith

References:
- Incorrect protocol implementation by OpenSSH?
  - From: H.K. Kingston-Smith

Prev by Date: Incorrect protocol implementation by OpenSSH?
Next by Date: Re: Incorrect protocol implementation by OpenSSH?
Previous by thread: Incorrect protocol implementation by OpenSSH?
Next by thread: Re: Incorrect protocol implementation by OpenSSH?
Index(es):
- Date
- Thread

Relevant Pages

Re: mount.nfs internal error
... For example by performing a system trace, I discovered that the /var/lib/nfs directory needs to exist on the client, and does not get created automatically. ... client contacts server on port 111 to ask for port of mountd ... server replies with OK ...
(comp.os.linux.networking)
Re: Remote administartion via email
... > authenticating via pgp / gpg keys) and execute commands contained ... If it's a client, I'd say you're stuck, since only stupid MS ... "The mass of ignorant Negroes still breed carelessly and ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: mount.nfs internal error
... For example by performing a system trace, I discovered that the /var/lib/nfs directory needs to exist on the client, and does not get created automatically. ... So mount gets as far as resolving walden4 to 192.168.1.140 based on its entry in /etc/hosts, ... client contacts server on port 111 to ask for port of mountd ... server replies with OK ...
(comp.os.linux.networking)
Re: mount.nfs internal error
... For example by performing a system trace, I discovered that the /var/lib/nfs directory needs to exist on the client, and does not get created automatically. ... So mount gets as far as resolving walden4 to 192.168.1.140 based on its entry in /etc/hosts, ... client contacts server on port 111 to ask for port of mountd ... server replies with OK ...
(comp.os.linux.networking)
Re: mount.nfs internal error
... For example by performing a system trace, I discovered that the /var/lib/nfs directory needs to exist on the client, and does not get created automatically. ... So mount gets as far as resolving walden4 to 192.168.1.140 based on its entry in /etc/hosts, ... client contacts server on port 111 to ask for port of mountd ... server replies with OK ...
(comp.os.linux.networking)